package com.jlu.springsecurityoauth2.config;

import com.jlu.springsecurityoauth2.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

import javax.annotation.Resource;
import java.util.ArrayList;

@EnableAuthorizationServer
@Configuration
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {


  @Autowired
  private PasswordEncoder passwordEncoder;

  @Autowired
  private UserService userService;

  @Autowired
  private AuthenticationManager authenticationManager;

//  @Autowired
//  @Qualifier("redisTokenStore")
//  private TokenStore tokenStore;

  @Autowired
  @Qualifier("jwtTokenStore")
  private TokenStore tokenStore;

  @Autowired
  private JwtTokenEnhancer jwtTokenEnhancer;


  @Autowired
  private JwtAccessTokenConverter jwtAccessTokenConverter;

  @Override
  public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {

//    jwt内容增强器
    TokenEnhancerChain enhancerChain = new TokenEnhancerChain();
    ArrayList<TokenEnhancer> delegates = new ArrayList<>();
    delegates.add(jwtTokenEnhancer);
    delegates.add(jwtAccessTokenConverter);
    enhancerChain.setTokenEnhancers(delegates);

    endpoints.userDetailsService(userService)
            .authenticationManager(authenticationManager)
            .tokenStore(tokenStore)
            .accessTokenConverter(jwtAccessTokenConverter)
            .tokenEnhancer(enhancerChain);
  }

  @Override
  public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory().withClient("admin")
            .secret(passwordEncoder.encode("112233"))
            .accessTokenValiditySeconds(3600)
            .refreshTokenValiditySeconds(3600)
            .redirectUris("http://localhost:8081/login")
            .autoApprove(true)//自动授权
            .scopes("all")
            .authorizedGrantTypes("password","refresh_token","authorization_code");
//            .authorizedGrantTypes("authorization_code");
  }

  @Override
  public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
//    获取密钥需要身份认证
    security.tokenKeyAccess("isAuthenticated()");
  }
}
